Details on Refining Vista's User Control

Posted by Zonk
from the progress-moving-forward dept.
borgboy writes "Windows Vista has gotten a lot of negative press recently following the release of the latest beta, especially regarding excessive prompting for privilege escalation for seemingly common activities. On his blog, Steve Hiskey, the Lead Program Manager for User Account Control in the Windows Security Core group, details what the issues with the excessive prompting are, what the design goals of the feature are, and how they plan to achieve them. Briefly - they know the excessive prompting is a royal pain, they know they have to reduce it to an absolute minimum to be both productive AND an effective security risk mitigation measure, and they want as much feedback as they can get on the beta."
  • by spongman (182339) on Friday June 02, 2006 @12:25PM (#15454971)
    the prompt appears on a separate desktop, its HWND isn't retrievable by any application, and the regular keyboard message pumping mechanism is bypassed.

    unfortunately, this breaks the brilliant synergy2 [sourceforge.net] tool temporarily...

  • Anytime you install a program, it has to change the registry. You want to see a video encoded in a new format? Ah, you have to register the format and the codec - and there ya go, you have to change the registry. You want to associate a new filetype with a program? There ya go, you have to change the registry.

    Sometimes I wonder - rootkits use stealth techniques to intercept registry calls. Why doesn't Microsoft use the same rootkit approach to "cage" the registry into the directories used by the programs you install, and let the programs only use their caged registry? That way programs would only need access to their own caged directory and maybe a temporary or data directory.

    IMHO, the registry was the worst idea Microsoft could have come up with.
  • getting there... (Score:5, Informative)

    by spongman (182339) on Friday June 02, 2006 @12:31PM (#15455047)
    beta 2 is much better than previous CTPs which were almost unusable - I had to turn off UAC to preserve what's left of my hair.

    there's still some core OS UI that's not UAC-enabled, though. for example, you can't fully configure network connection settings without running explorer.exe elevated.

  • by starfishsystems (834319) on Friday June 02, 2006 @01:16PM (#15455505) Homepage
    Yes, it's a tough crowd here at Slashdot.

    Some people here still expect beta to mean beta, which is conventionally intended to identify bugs in an otherwise stable product. A beta release is not, as you suggest, an invitation to change the feature set, though that has never prevented Microsoft from bending the rules at its convenience.

    To be charitable, I can imagine that with this Vista beta, the codebase might indeed be as stable as what we ordinarily expect from a beta release, and so what we're looking at now is just a matter of tuning the configuration parameters so that it prompts at the right thresholds. And, on the principle of security by default, the system will initially tend toward maximum prompting. However, thinking more soberly, a secure system will have fully addressed these issues at the design level, and prompting will not be excessive but appropriate and meaningful. If it's not, that's a clear sign that the design has deeper problems than can be fixed just by changing the prompting parameters. Pardon my cynicism, but in my experience, that would be entirely typical of Microsoft.

    Definition of beta at: Wikipedia [wikipedia.org].

    For usability see: Whitten and Tygar [usenix.org].

  • by spongman (182339) on Friday June 02, 2006 @01:25PM (#15455597)
    good question. i'm not sure. the built-in narrator works while the UAC dialog is up, though, and while it's not as good as some of the 3rd party readers, it should suffice for the UAC dialog navigation.

    maybe they should add an option to enable the built-in reader during UAC elevation...

  • Re:Huge Difference (Score:3, Informative)

    by astrosmash (3561) on Friday June 02, 2006 @01:27PM (#15455604) Journal
    You should read Raymond Chen's [wikipedia.org] blog [msdn.com] to get an idea of the completely ridiculous lengths Microsoft has gone, historically, to support backward compatibility in their operating systems. (To their own detriment, IMO)

    All zealotry aside, there are things in Windows that are done very well, and there are things in Windows that completely suck, and the things that suck are almost universally due to some sort of backward compatibility concerns.
  • silent elevation (Score:3, Informative)

    by microbee (682094) on Friday June 02, 2006 @02:36PM (#15456367)

    From the blog:

    The problem with marking Windows binaries to "silently elevate" is that we feel it will lead to "worms" or self propagating malware.

    Marking "silent elevator" should require administrative privilege, so what's the problem?

    Unix has had this for years; it is called "setuid root". This is extremely useful.

    Also, it's very easy to have a knob to allow all signed applications to do silent elevation. Much cleaner than developing hacky shims.

  • by Keeper (56691) on Friday June 02, 2006 @03:13PM (#15456771)
    winsta0 is the interactive user's desktop session, not the secure desktop.
  • by MojoStan (776183) on Friday June 02, 2006 @08:14PM (#15459203)
    Windows, on the other hand, has hundreds of thousands of apps that expect to be administrator. The software companies don't want to fix them, and Microsoft doesn't want to break them.

    So MS defined a middle ground -- annoying prompts which you can't get rid of. Since there isn't a special security level which hides the prompts

    I haven't been testing Vista personally, but I just read a Paul Thurrott article on User Account Control [winsupersite.com] that seems to indicate that these annoying prompts do go away after installation. From the article:
    Under the covers, UAC also provides some interesting features related to backwards compatibility. On a typical Windows XP system, applications are typically granted complete control over the system they are installed to, so it's possible for them to read and write information anywhere in both the Registry and the file system. In Windows Vista, the Registry and file system are locked down, however. So UAC provides Registry and file system virtualization services that silently redirect read and write operations from protected portions of the Registry and file system to unprotected places located with the user's profile. Let's see what this looks like.

    Like you, I install various applications and many of them assume they have complete control of the system. One of them is Microsoft's MSN Messenger application. If you navigate to this application's folder (or any other application that assumes it can write to any folder on the system), you'll see a new button appear in the Windows Explorer toolbar called Compatibility Files:

    (screenshot illustrating this)

    If you click this button, you'll be redirected to a hidden location under your user profile where certain files have been redirected. The file here, ErrorResponse.xml, believes it is located in C:\Program Files\MSN Messenger. It is, however, really located in D:\Users\Paul\AppData\Local\VirtualStore\Program Files\MSN Messenger.

    So all those "apps that expect to be administrator" (writing to "Program Files" and protected parts of the registry) will be "tricked" into actually writing to the user's profile. Doesn't this mean users will no longer need to use "Run as" or mess with user permissions anymore to get rid of the prompts?
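The redirection Thurrott describes in the quoted article can be modelled in a few dozen lines. The following is an added example, not code from the Slashdot thread, Thurrott's article or Microsoft: an in-memory model in which an unelevated write to a file under C:\Program Files is silently diverted to the user's VirtualStore (drive letter dropped, as in the quoted path), later reads from that user prefer the virtual copy, and other users and elevated code keep seeing the real file. The set of protected roots, the fallback rule for reads and the `VirtualizedFileSystem` class are assumptions of this model; the real feature covers more locations than the one the thread shows.

```python
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Per-user store, relative to the profile directory (path from the quoted article).
VIRTUAL_STORE = PureWindowsPath(r"AppData\Local\VirtualStore")

# Protected roots this model virtualizes. Assumption: the thread only shows
# Program Files; the shipped feature redirects further locations as well.
PROTECTED_ROOTS = (PureWindowsPath(r"C:\Program Files"),)


def is_protected(path: str) -> bool:
    """True if `path` is, or lies under, a protected root (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(root == p or root in p.parents for root in PROTECTED_ROOTS)


def virtual_store_path(profile_dir: str, requested: str) -> str:
    """Map a protected path to the user's VirtualStore copy.

    The drive letter is dropped, so C: + Program Files + ... becomes
    <profile>/AppData/Local/VirtualStore/Program Files/...
    """
    p = PureWindowsPath(requested)
    relative = p.relative_to(p.anchor)          # strip "C:\"
    return str(PureWindowsPath(profile_dir) / VIRTUAL_STORE / relative)


class VirtualizedFileSystem:
    """Toy model (assumption): one real tree plus per-user virtual copies.

    Unelevated writes to protected paths land in the writer's store;
    reads prefer the store and fall back to the real file.
    """

    def __init__(self) -> None:
        self.real: Dict[str, bytes] = {}    # real files, keyed by full path
        self.store: Dict[str, bytes] = {}   # VirtualStore files, keyed by full path

    def install(self, path: str, data: bytes) -> None:
        """An elevated installer writes the real file; nothing is redirected."""
        self.real[str(PureWindowsPath(path))] = data

    def write(self, profile_dir: str, path: str, data: bytes,
              elevated: bool = False) -> str:
        """Write on behalf of a user; return the path that actually received it."""
        key = str(PureWindowsPath(path))
        if elevated or not is_protected(path):
            self.real[key] = data
            return key
        target = virtual_store_path(profile_dir, path)   # silent redirect, no prompt
        self.store[target] = data
        return target

    def read(self, profile_dir: str, path: str) -> Optional[bytes]:
        """Serve the user's virtual copy if one exists, else the real file."""
        if is_protected(path):
            target = virtual_store_path(profile_dir, path)
            if target in self.store:
                return self.store[target]
        return self.real.get(str(PureWindowsPath(path)))

    def compatibility_files(self, profile_dir: str) -> List[str]:
        """The Explorer 'Compatibility Files' view: everything in this user's
        store. For a defender it doubles as an inventory of applications that
        still write into protected locations."""
        prefix = str(PureWindowsPath(profile_dir) / VIRTUAL_STORE)
        return sorted(p for p in self.store if p.startswith(prefix))


def demo() -> dict:
    """Replay the constructed MSN Messenger scenario from the thread."""
    fs = VirtualizedFileSystem()
    profile = r"D:\Users\Paul"
    app_file = r"C:\Program Files\MSN Messenger\ErrorResponse.xml"
    fs.install(app_file, b"<response>installed</response>")        # setup ran elevated
    written_to = fs.write(profile, app_file, b"<response>edited</response>")  # app, unelevated
    return {
        "written_to": written_to,
        "paul_sees": fs.read(profile, app_file),
        "real_file": fs.real[str(PureWindowsPath(app_file))],
        "other_user_sees": fs.read(r"D:\Users\Other", app_file),
        "compat": fs.compatibility_files(profile),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running `demo()` shows the property the thread is circling around: the application's write succeeds without a prompt, but only Paul's view of the file changes; the real file in Program Files, and every other user's view of it, still carries the installer's content. That is why virtualization is a compatibility shim rather than a substitute for fixing the application, and why a non-empty VirtualStore is worth checking when auditing which installed programs still expect administrator rights.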
  • Re:Considering (Score:3, Informative)

    by TheNetAvenger (624455) on Friday June 02, 2006 @09:54PM (#15459662)
    Well, most people don't have anywhere to get Windows Server 2003 at something close to a reasonable price for workstation use, other than with BitTorrent and the like (which many people wouldn't dare, or care enough to try). But yeah, Server 2003 is without a doubt the best version of Windows NT 5 around.

    Just an FYI, if someone really wants to work with Windows 2003 Server, there are tons of 120-day evaluation versions they can get their hands on, even off the Microsoft Web site.

    If you are doing testing or running it in a virtual environment, you can keep re-installing and using it for as long as you need. The 120-day version just isn't a good choice for a production environment for long term use, as you would have to recreate all the domain, sharing, services, and user settings every six months, but it is doable...

    I also agree that Windows 2003 Server was probably the best 'release' level OS version of Windows for security and stability. When it was first released, it even ran on the desktop faster than WinXP. This is why SP2 of WinXP is important, as it brought a lot of the Windows 2003 code base into the Windows XP desktop line, more security, faster, etc.
